Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:32191
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Received-SPF: unknown (pb1.pair.com: domain php.net does not designate 83.243.58.163 as permitted sender)
Organization: php.net
To: internals@lists.php.net
Date: Mon, 10 Sep 2007 18:14:57 +0200
User-Agent: KMail/1.9.7
Cc: Pierre <pierre.php@gmail.com>,
 "Lester Caine" <lester@lsces.co.uk>
References: <46E538F7.9000408@lsces.co.uk> <fe05d1540709100543h192da56dtfa8639b1c9da77dd@mail.gmail.com>
In-Reply-To: <fe05d1540709100543h192da56dtfa8639b1c9da77dd@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message-ID: <200709101814.59401.johannes@php.net>
Subject: Re: [PHP-DEV] PHP 5.3 Suggested Feature List - Off Vote comments.
From: johannes@php.net (Johannes =?iso-8859-1?q?Schl=FCter?=)

On Monday 10 September 2007 02:43:52 pm Pierre wrote:
> On 9/10/07, Lester Caine <lester@lsces.co.uk> wrote:
> > PLEASE can we have an assessment of how this new list of features will
> > affect users porting from PHP4 rather than simply assuming that this is
> > just a simple 'upgrade' from PHP5.2.X.
> >
> > As discussion has already been shouted down on the vote list ... we have
> > to get people to convert *TO* PHP5 before PHP6 becomes practical. Lets
> > not create yet another roadblock in that path :(
>
> If you fear a magic_quotes GPC and register globals removal, you can
> sleep quiet. It is not going to happen. I wonder why it is the poll as
> it can't be made in 5.3, in no way, even if we all dream about that :)

Removing register_globals can be worked around using a one line patch (->=20
import_request_vars) so the break would be minimal but I don't think we win=
=20
that much from removing that setting=20

Removing magic_quotes has an easy fix, too but there I see more problems:=20
Quite many people have the default value "On" and their applications=20
therefore are, by accident, a bit more secure (no, they won't be safe, I=20
know) removing , magic_quotes without flooding people without that=20
information would create many holes without people realizing. Therefore suc=
h=20
a change can imo only be done in a major version change like 5 -> 6 where=20
people expect more stuff to break.


As a sidenote:

Maybe interesting for this discussion: I have some statstics about such=20
settings on hosts running some average PHP application (phpMyFAQ). These=20
information is collected from the application's installer and can then be=20
reported to the phpMyFAQ developers. The relevant information here is this=
=20
chart showing the percentage of systems using the mentioned settings by PHP=
=20
version:=20
 http://phpmyfaq.de/stats/svg/settings_20070910160921.png

Of course that's no complete picture of the situation but some indication t=
hat=20
r_g isn't used that much anymore but magic_quotes is. (Please keep in mind=
=20
that theses stats are counting only people who agreed sending the=20
information, it also includes people using test systems and you can=20
absolutely forget the 4.3 information -> by far not enough hosts using=20
phMyFAQ using that version)


My personal conclusion: Removing these doesn't really bring benefits for us=
=20
but might make problems for users since they don't expect such changes=20
(especially magic_quotes...as sad as it is...) in a minor release.

johannes
=2D-=20
Johannes Schl=FCter
http://schlueters.de